Zeus Panda is extremely localized, she said. In addition to local banks, it targets a supermarket that delivers food, a police agency, and a Bitcoin exchange.
The Bitcoin exchange is probably being used to help the criminals launder their ill-gotten gains, Kessem suggested.
Zeus Sphinx targets Brazilian banks as well, but also goes after the popular Boleto Bancário payment platform, which allows users to go online and send money orders.
Sphinx first emerged a year ago, first attacking banks in Australia and the U.K.
Kessem did not have any data about how much financial damage these attackers are causing Brazil. In 2014, however, RSA issued a report that a Boleto malware fraud ring had compromised nearly $4 billion worth of transactions over the previous two years.
IBM currently monitors 270 million endpoints worldwide, Kessem said. After spotting the malware, the company notified the targeted institutions and local law enforcement authorities.
She declined to name the specific institutions targeted by the malware.
Sign up for CIO Asia eNewsletters.